Bonjour multicast - How to do it with VLANs ?

Hello All,

I have tried tons of different things to have Bonjour multicast go through my VLANs with absolutely no success.
How should I proceed: PIM or IGMP proxy ?

I tried to go with PIM and declared two interfaces:

• One is a bridge between a vlan interface and a virtual interface used in MetaRouter
• The other one is a vlan interface

I then configured RP in one of the VLAN’s router address (tried both router’s IP) - zero result, even after adding prerouting mangle rule to increase TTL
[admin@Router] > /routing pim interface print detail
Flags: X - disabled, I - inactive, D - dynamic, R - designated-router, v1 - IGMPv1, v2 - IGMPv2, v3 - IGMPv3
0 Rv2 interface=VLAN100 & OpenWRT protocols=pim,igmp preferred-source-address=0.0.0.0 dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s
propagation-delay=50 override-interval=250 tracking-support=yes require-hello=yes join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s
alternative-subnets=“” igmp-version=IGMPv2

1 Rv2 interface=vlan200-private protocols=pim,igmp preferred-source-address=0.0.0.0 dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s propagation-delay=50
override-interval=250 tracking-support=yes require-hello=yes join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s alternative-subnets=“”
igmp-version=IGMPv2

2 DR interface=register protocols=pim dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s propagation-delay=50 override-interval=250 tracking-support=yes
require-hello=yes join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s alternative-subnets=“”[admin@Router] > /routing pim join print detail
Flags: RP - (,,RP), WC - (*,G), SG - (S,G), SG_rpt - (S,G,rpt)
WC group=224.0.0.0 source=10.1.0.1 rp=10.1.0.1 upsteam-interface-rp=register join-state=not-joined i-am-designated-router=VLAN100 & OpenWRT,vlan200-private joined-rp=“”
joined=“” pruned=“” prune-pending=“” could-assert-wc=“” immediate-rp=“” immediate-sg-rpt=“”

 SG group=239.255.255.250 source=0.0.0.0 rp=10.1.0.1 upsteam-interface-rp=register join-state=joined timeout=53s local-receivers=VLAN100 & OpenWRT 
     i-am-designated-router=VLAN100 & OpenWRT,vlan200-private joined-rp="" joined-wc="" joined="" pruned="" prune-pending="" assert-winner=VLAN100 & OpenWRT assert-loser=""
     assert-winner-wc=VLAN100 & OpenWRT assert-loser-wc="" assert-tracking-wc=VLAN100 & OpenWRT could-assert-wc=VLAN100 & OpenWRT immediate-rp="" immediate-wc=VLAN100 & Ope
     immediate-sg-rpt=VLAN100 & OpenWRT include-wc=VLAN100 & OpenWRT 

SG_rpt group=239.255.255.250 source=10.1.0.30 rp=10.1.0.1 upsteam-interface-src=VLAN100 & OpenWRT upsteam-interface-rp=register join-state=joined join-register-state=unknown
timeout=9s keepalive-timer=yes local-receivers=VLAN100 & OpenWRT i-am-designated-router=VLAN100 & OpenWRT,vlan200-private joined-rp=“” joined-wc=“” joined=“” pruned=“”
prune-pending=“” assert-winner=“” assert-loser=“” assert-winner-wc=VLAN100 & OpenWRT assert-loser-wc=“” could-assert-wc=VLAN100 & OpenWRT immediate-rp=“”
immediate-wc=VLAN100 & OpenWRT immediate-sg=“” immediate-sg-rpt=VLAN100 & OpenWRT include-wc=VLAN100 & OpenWRT[admin@Router] > /routing pim mfc print detail
group=239.255.255.250 source=10.1.0.30 rp=10.1.0.1 upstream-interface=VLAN100 & OpenWRT downstream-interfaces="No downstream interface ?
[admin@Router] > /routing pim rp print detail
Flags: D - dynamic, X - disabled
0 address=10.1.0.1 type=static group=224.0.0.0/4 priority=192 hash-mask-length=30 active-groups=1Any help will be appreciated.

Thank you

Curious myself.

As it’s been almost a month now that I’m trying to have this setup working I guess I have gone the wrong way.
Most likely I didn’t understand what PIM / IGMP Proxy should be used for and I’m looking for something else.

Is there a component in RouterOS that I can use to have multicast frames (be it Bonjour or VLC multicast) replicated from a subnet to another one ?

Thank you

Can you see any IGMP joins on vlan200-private interface?

As far as I remember, I never saw any machine from 10.2.0.0/24 network (vlan200) appears in Joins tab.
Should they land here when checking for a Bonjour printer for instance ?

I can see some groups related to vlan200 though in IGMP Groups but all of them have state saying exclude (even in vlan100 btw).

Post your igmp-group print detail.

230.255.2.1 being a stream I’m multicasting over udp using VLC
[admin@Router] /routing pim> mfc pr de
group=230.255.2.1 source=10.1.0.125 rp=10.2.0.1 upstream-interface=vlan100-management downstream-interfaces=“”

group=239.255.255.250 source=10.1.0.30 rp=10.2.0.1 upstream-interface=vlan100-management downstream-interfaces=“”[admin@Router] /routing pim> igmp-group pr de
Flags: v1 - IGMPv1, v2 - IGMPv2, v3 - IGMPv3, I - include, E - exclude, F - forward, D - don’t forward
v2E interface=vlan100-management group=224.0.0.2 source=0.0.0.0 last-reported=10.1.0.1 timeout=3m38s

v2E interface=vlan100-management group=224.0.0.13 source=0.0.0.0 last-reported=10.1.0.1 timeout=3m40s

v2E interface=vlan100-management group=224.0.0.22 source=0.0.0.0 last-reported=10.1.0.1 timeout=3m35s

v2E interface=vlan100-management group=239.255.255.250 source=0.0.0.0 last-reported=10.1.0.50 timeout=3m34s

v2E interface=vlan200-private group=224.0.0.2 source=0.0.0.0 last-reported=10.2.0.1 timeout=3m38s

v2E interface=vlan200-private group=224.0.0.13 source=0.0.0.0 last-reported=10.2.0.1 timeout=3m40s

v2E interface=vlan200-private group=224.0.0.22 source=0.0.0.0 last-reported=10.2.0.1 timeout=3m35s[admin@Router] /routing pim> join pr de
Flags: RP - (,,RP), WC - (*,G), SG - (S,G), SG_rpt - (S,G,rpt)
WC group=224.0.0.0 source=10.2.0.1 rp=10.2.0.1 upsteam-interface-rp=register join-state=not-joined i-am-designated-router=vlan100-management,vlan200-private
joined-rp=“” joined=“” pruned=“” prune-pending=“” could-assert-wc=“” immediate-rp=“” immediate-sg-rpt=“”

 SG group=239.255.255.250 source=0.0.0.0 rp=10.2.0.1 upsteam-interface-rp=register join-state=joined timeout=1s local-receivers=vlan100-management 
     i-am-designated-router=vlan100-management,vlan200-private joined-rp="" joined-wc="" joined="" pruned="" prune-pending="" assert-winner=vlan100-management 
     assert-loser="" assert-winner-wc=vlan100-management assert-loser-wc="" assert-tracking-wc=vlan100-management could-assert-wc=vlan100-management 
     immediate-rp="" immediate-wc=vlan100-management immediate-sg-rpt=vlan100-management include-wc=vlan100-management 

SG_rpt group=230.255.2.1 source=10.1.0.125 rp=10.2.0.1 upsteam-interface-src=vlan100-management upsteam-interface-rp=register join-state=not-joined
join-register-state=unknown keepalive-timer=yes local-receivers=“” i-am-designated-router=vlan100-management,vlan200-private joined-rp=“” joined-wc=“”
joined=“” pruned=“” prune-pending=“” assert-winner=“” assert-loser=“” assert-winner-wc=“” assert-loser-wc=“” could-assert-wc=“” immediate-rp=“”
immediate-wc=“” immediate-sg=“” immediate-sg-rpt=“” include-wc=“”

SG_rpt group=239.255.255.250 source=10.1.0.30 rp=10.2.0.1 upsteam-interface-src=vlan100-management upsteam-interface-rp=register join-state=joined
join-register-state=unknown timeout=1s keepalive-timer=yes local-receivers=vlan100-management i-am-designated-router=vlan100-management,vlan200-private
joined-rp=“” joined-wc=“” joined=“” pruned=“” prune-pending=“” assert-winner=“” assert-loser=“” assert-winner-wc=vlan100-management assert-loser-wc=“”
could-assert-wc=vlan100-management immediate-rp=“” immediate-wc=vlan100-management immediate-sg=“” immediate-sg-rpt=vlan100-management
include-wc=vlan100-management

Once more, as it’s been a month now that I’m trying to have this setup working I guess I have gone the wrong way.
Most likely I don’t understand what PIM / IGMP Proxy should be used for and I’m looking for something else.

Is there a component in RouterOS that I can use to have Bonjour frames replicated from a subnet to another one ?

Thank you

PIM is the correct mechanism to get multicast traffic from one L3 interface to another in a routed network. I am less familiar with Multicast on Mikrotik but I have a couple of questions.

Do you have any firewall rules on these interfaces?

Can you confirm that a device on VLAN 200 can connect to your server device on VLAN 100 via unicast (ping etc…). Multicast relies on the unicast routing table to build its table to send multicast traffic to clients. So if traditional unicast routing isn’t working multicast will not work.

The other thing I don’t see here is any IGMP joins by clients on VLAN 200. Multicast traffic will not be sent to VLAN 200 unless a client has requested a join.

IGMP is the L2 mechanism for a client to request a multicast stream. Routers listen for such requests and translate that into PIM join messages to the peer routers and ultimately to the RP if no route is in the MFC already.

Hello jkarras and thank you for your answer!

I have the default rules that come with RouterOS. So no rule specific to the VLANs.

Yes definitely. One of the device is a NAS and I’m able to connect using AFP. All the traffic between VLAN 100 and 200 is free to go.
Ping also works.

Yes, looks to be the thing. When should machines in VLAN 200 join anything ? They should join just because Bonjour client is running ?

My setup is very simple. Both VLANs are declared on the Mikrotik and data don’t have to reach another router.
Is it correct then to declare vlan100 and 200 in PIM interfaces (register interface shows up) and declare RP on either vlan100/200 local IP address ?
I have not done anything else in PIM config.

Thank you

Before going too much further I should note that Bonjour is designed to not be routed. It uses the 224.0.0.0/24 multicast range which is link-local only. That said if you still want to get PIM routing working it would be best to test your setup with some other protocol. So assuming the stream your talking about is originating from say VLC and being consumed by VLC you should be good. If your expecting to have a Bonjour device advertise a service on VLAN 100 and have a client pickup that mDNS advertisement and connect to the stream(even though the stream is not on 224.0.0.0/24) on VLAN 200 it will not work.

To get mDNS traffic to pass through routed barriers you will need a mDNS reflector/replicator such as Avahi.

With that in mind my answers are below.

A client will send a IGMP join request when a application such as the Bonjour client wants to request access to a multicast stream. Think of IGMP as the ARP of multicast. It lets the router (as well as switches with IGMP snooping) know the client is requesting a stream. From my experience with a IPTV system run at my place of employment. Windows firewall as well as others is good a blocking multicast in some default configurations. You should test by turning off any client side firewalls and see if that makes a difference. In your previous IGMP-group print out I didn’t see any Bonjour advertisements or join requests.

Both interfaces should be declared in PIM. Some devices have the concept of a PIM passive mode which is similar to passive in OSPF. The router ignores certain PIM messages that only a router should send. Thus you enable PIM passive on client facing networks. I don’t know that Mikrotik has this functionality though. One thing you may try is enabling IGMPv3 instead of the default v2. You should sniff the traffic on your vlan200 and see if the Mikrotik is seeing the IGMP joins. Will you paste an updated IGMP group list while running your stream and client.

Also it should be noted that even though your server is offering a stream and publishing it via Bonjour it doesn’t mean your client is going to registe

Thank you for your answer.

I gave up and I am now running a Raspberry listening and advertising mDNS on both VLANs. Too bad Mikrotik / RouterOS can’t do it.

Thanks again.

Any built-in solution now?

Is there a solution now? Jan 2020.

I’ve looked around the internet and I can’t find a tutorial on how to implement mdns/multicast across vlans/subnets/bridges!
Solutions like unifi can implement this with couple of rules and buttons, see this;
https://youtu.be/p3SfeQTaaxw

Why can’t we have solutions like this?
At least one of mikrotik experts could put an easy to follow solution to help non experts.
The wiki page on mdns could be updated.
Come on guys!

Agree. I actually gave up and bought a Unifi Dream Machine and now have it working across 4 VLANs.

Yea man, I’ve just returned it yesterday, the wireless signal was unstable, may be just my machine
That’s been said, the mdns implementation is amazing

What are you using instead to implement VLANs?

After returning UDM, went back to mikrotik.
Now I’m thinking of going pfsense or ubiquiti again! This time of I go with unifi, I may need to build components.
Not sure.
IF only mikrotik implement easier mdns and possibly ips, they’ll be unstoppable!
How happy are you with UDM?

Very happy. If all you need is a single AP, it basically combines the USG, switch and AP into one.
Bonjour across VLANs work fine, but I can’t get my HDHomerun TV tuner to work with the HDHomerun App. It uses some funky mDNS magic. It works with other PVR apps though, so I have a workaround.